ctaustin has asked for the wisdom of the Perl Monks concerning the following question:

I have the need to store username/password information. Obviously, I want to keep this information private, so I thought that I would just write the data to a binary file and then, when needed, read it and use it. I thought I could just use pack and binmode to do this. Something along the lines of

    # read the user name and password from the terminal
    print "Enter User:\n";
    $luser=<STDIN>;
    print "Enter Pass:\n";
    $pass=<STDIN>;
    $luser=pack("A*",$luser);
    $pass=pack("A*",$pass);
    # write both values to pass.bin, separated by "|"
    open (PFILE,">pass.bin") or die ("unable to open file $!\n");
    binmode PFILE;
    print PFILE "$luser|$pass";
    close PFILE;

However, doing this, or every variation I have come up with, produces either a file that contains "my_user|my_pass" or simply "null|null".
Then reading it...

    open (PFILE,"pass.bin") or die ("unable to open file $!\n");
    binmode PFILE;
    while ($line=<PFILE>){
        $line=unpack("A*",$line);
    }

Of course, reading doesn't work since I am not getting the correct data in the file.

I assume that I am either misunderstanding pack, misusing pack, or taking the wrong approach altogether.
Any thoughts of how to fix this approach or a better approach altogether?

Replies are listed 'Best First'.
Re: ascii to binary
by GrandFather (Saint) on Jul 23, 2005 at 00:01 UTC

    Ascii is binary. It is simply a convention for interpreting binary data so you really are not changing anything by writing "ascii" out as "binary". Have a look on CPAN for the various encryption modules that are there.

    A very simple (and weak) encryption is to xor the plain text with a key text (password). Xoring the cypher text with the key text regenerates the plain text.


    Perl is Huffman encoded by design.
      Actually XOR-ing the plain text with a key that is at least as long as the text itself is a very strong form of encryption. As long as you can keep the key secret, there is no way to reliably decrypt the encrypted text.

      And of course you should never use the same key twice.

      This is known as the one-time-pad encryption. Although it is totally secure and unbreakable, it suffers from the problem that you must find a way to provide the one-time-pad to the sender in a secure way. And as the one-time-pad is at least as long as the message you want to encrypt, you have only moved the problem one level "higher". If both sender and receiver can physically meet they can exchange the one-time-pad keys and the problem is solved. But you better not want to send more messages than pads you have!

      CountZero

      "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re: ascii to binary
by davidrw (Prior) on Jul 23, 2005 at 00:03 UTC
    packing with "A*" will just get you ascii, which is why you see "my_user|my_pass" (perldoc -f pack) ..

    Just using pack isn't going to keep your data private because anyone that can read it can just unpack it just as easily as you can. To start, you should be sure to make the permissions very restricted on that file. Even better would be to store the password as an MD5 hash. Then when you need to check it, you ask for the user's name and password. First MD5 that provided password, then try to find that pair in your password file. To one-up that, I would also search CPAN for passwd and auth (I don't have a specific recommendation offhand).
Re: ascii to binary
by ikegami (Patriarch) on Jul 23, 2005 at 00:04 UTC
    Actually, I think you misunderstood binary file, or binary in general. Using binmode or pack 'A' doesn't encrypt anything. Look at the Crypt modules for encryption. Actually, if you only need to verify a user-submitted password against this password, you should be looking at hashing instead of encryption. The Digest modules are then the ones to use.
Re: ascii to binary
by ctaustin (Sexton) on Jul 23, 2005 at 01:25 UTC
    Thanks for all of the feedback. They are currently issuing their user/pass on the command line, which is an issue since I can then just ps -ef|grep perl and see their password. So my thought was that each user would have a private file, with permissions set just for them, that stores this data and can be used by the script.

    I will look at some of the encryption packages.
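
The per-user private file discussed in this thread, sketched as an added example that is not code from any of the posters: the file is created owner-only from the start, and the reader refuses a file whose owner or mode has been loosened. The sub names `save_credentials` and `load_credentials`, the one-value-per-line layout and the sample values are assumptions, and a Unix-like system is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Create the file with mode 0600 from the first moment it exists, so the
# secret is never on disk with wider permissions. O_EXCL refuses to reuse
# a path that already exists (including a symlink someone planted there).
sub save_credentials {
    my ($path, $user, $pass) = @_;
    my $old_umask = umask 0077;
    my $ok = sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    umask $old_umask;
    die "unable to create $path: $!\n" unless $ok;
    print {$fh} "$user\n$pass\n" or die "write failed: $!\n";
    close $fh or die "close failed: $!\n";
}

# Refuse a file that is not a regular file, is owned by another user, or is
# accessible to group/other. stat() runs on the open handle, not the path,
# so the file that was checked is the file that is read.
sub load_credentials {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "unable to open $path: $!\n";
    my @st = stat($fh) or die "stat failed: $!\n";
    die "$path is not a regular file\n" unless -f _;
    die "$path is not owned by the current user\n" unless $st[4] == $>;
    my $mode = $st[2] & 07777;
    die sprintf("%s has mode %04o, expected 0600\n", $path, $mode)
        if $mode & 0077;
    chomp(my ($user, $pass) = <$fh>);
    close $fh;
    return ($user, $pass);
}

# Demo in a throwaway directory with constructed sample values.
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/cred";                  # hypothetical file location
save_credentials($path, 'my_user', 'my_pass');
my ($user, $pass) = load_credentials($path);
print "loaded credentials for $user\n";

chmod 0644, $path or die "chmod failed: $!\n";   # simulate loosened permissions
eval { load_credentials($path) };
print "rejected: $@" if $@;
```

The password is still stored in clear text here; the only protection is the file's ownership and mode, so root and anyone with access to backups of the file can read it.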